Various forms of network storage systems are known today. These forms include network attached storage (NAS), storage area networks (SANs), and others. Network storage systems are commonly used for a variety of purposes, such as providing multiple users with access to shared data, backing up critical data (e.g., by data mirroring), etc.
A network storage system may include at least one storage server, which is a processing system configured to store and retrieve data on behalf of one or more storage clients (“clients”). In the context of NAS, a storage server may be a file server, sometimes called a “filer”. A filer operates on behalf of one or more clients to store and manage shared files in a set of mass storage devices, such as magnetic or optical disks or tapes. The mass storage devices may be organized into one or more volumes of a Redundant Array of Inexpensive Disks (RAID). Network Appliance, Inc. of Sunnyvale, Calif., makes filers.
In a SAN context, the storage server provides clients with block-level access to stored data, rather than file-level access. Some storage servers are capable of providing clients with both file-level access and block-level access, such as certain filers made by Network Appliance, Inc.
A business enterprise or other organization that manages large volumes of data may operate multiple storage servers concurrently. These storage servers may be connected to each other through one or more networks. The storage servers and other network components may be managed by one or more network administrators (also called “administrative users” or simply “administrators”), who are responsible for configuring, provisioning and monitoring the storage servers, scheduling backups, troubleshooting problems with the storage servers, performing software upgrades, and so on.
Storage servers retrieve stored data on behalf of one or more clients. When a client requests a storage server to retrieve data stored by the storage server, the storage server typically retrieves the data on behalf of the client as long as the client is determined to have authorization to obtain the requested data based at least in part on client/user identification information. However, since data stored by a storage server may be stored in accordance with one of many available operating systems (OS), such as Windows NT, Unix, DOS, OS X and so on, a client may be denied access to data stored by a storage server in accordance with one OS, if the client provides client/user identification information corresponding to the client's account in a different OS than the one in which the requested data is stored. Thus, for instance, if an otherwise authorized user provides a user ID associated with Unix while attempting to access data stored in accordance with Windows NT, the storage server may erroneously determine the user to be unauthorized.
A common solution to this problem is to map a client's identification information in one OS to the client's identification information in another OS and to use this mapping at the time of the request from the client. Thus, in the example in which a user provides Unix user identification information to access data stored in accordance with Windows, the user's Unix identification information is mapped to the user's Windows identification information. The user's Windows identification information is then used to determine whether the client is permitted to have access to the data.
Mapping data is generally stored locally on the storage server. FIG. 1 provides an example of user-mapping data being stored in a user mapping file 100. Accordingly, when a storage server requires a user's account identification information in a different OS than the one provided by the user, the storage server accesses the locally stored user mapping file 100 to search for the provided identification information and then retrieves the desired account identification information. The user mapping file 100 provides a table with Unix User identifiers (IDs) in one column and the corresponding Windows NT User IDs in a second column.
Localized storage of mapping data is often not desirable in a multiple storage server system context. Localized storage of mapping data often requires that several storage servers store the same data. This requires considerable time and effort not only to input and save the data, but also to update stored data. Often, an administrator must manually change the stored data value on each storage server. Redundant storage of mapping data also means that storage space is being utilized inefficiently. A further disadvantage of localized storage of mapping data is that it leads to weaker security. For instance, if an administrator must manually delete a user who is no longer authorized from each storage server, then there is a chance that the unauthorized user can obtain access to data stored by storage servers from which the user has not been removed.
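The lookup against a two-column mapping table and the stale-entry risk of per-server copies can be shown together in a short sketch. This is an added example, not taken from the system described here; the whitespace-separated file format, the server names, the accounts, the ACL and the reference copy used for comparison are all constructed assumptions.

```python
# Added illustration; file format, server names and accounts are constructed.

def parse_mapping(text):
    """Parse a two-column table: Unix user ID, then Windows NT user ID."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        unix_id, nt_id = line.split(None, 1)   # malformed row raises: fail closed
        table[unix_id] = nt_id.strip()
    return table

def authorize(unix_id, mapping, nt_acl):
    """Map the presented Unix ID to its NT ID, then check the NT-side ACL.
    A missing mapping is a denial, never a fall-through."""
    nt_id = mapping.get(unix_id)
    return nt_id is not None and nt_id in nt_acl

def stale_entries(per_server, reference):
    """Return {server: [Unix IDs whose local mapping is absent from, or
    differs from, the reference copy]} for every server that has drifted."""
    drift = {}
    for server, mapping in per_server.items():
        extra = sorted(u for u, nt in mapping.items() if reference.get(u) != nt)
        if extra:
            drift[server] = extra
    return drift

# Constructed sample data: 'bob' was deauthorized and removed from filer1 only.
REFERENCE = parse_mapping("alice  CORP\\alice\n")
SERVERS = {
    "filer1": parse_mapping("alice  CORP\\alice\n"),
    "filer2": parse_mapping("alice  CORP\\alice\nbob  CORP\\bob  # not yet removed\n"),
}
NT_ACL = {"CORP\\alice", "CORP\\bob"}  # assumed ACL on the Windows-style data

if __name__ == "__main__":
    for name, mapping in SERVERS.items():
        print(name, "bob allowed:", authorize("bob", mapping, NT_ACL))
    print("drift:", stale_entries(SERVERS, REFERENCE))
```

The same request from `bob` is denied on the server that was updated and allowed on the one that was missed, which is the gap the drift check reports.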
It is desirable, therefore, to provide an improved method and apparatus for storage of user account identification information.